Universal secure registry

ABSTRACT

A secure registry system and method for the use thereof are provided which permits secure access to a database containing selected data on a plurality of entities, at least portions of which database has restricted access. Mechanisms are provided for controlling access to restricted access portions of the database are provided, such access being determined by at least one of the identity of the requesting entity and the entity&#39;s status. A multicharacter public code may be provided which the system can map to provide permit delivery of items, complete telephone calls and perform other functions for entities. The system may also be utilized to locate an individual based on limited biological data. Organizations utilizing the system may have custom software facilitating their access and use of the system.

RELATED APPLICATIONS

This application claims the benefit under 35 U.S.C. § 120 as acontinuation of U.S. application Ser. No. 11/768,729, filed on Jun. 26,2007 and issued on Oct. 7, 2014 as U.S. Pat. No. 8,856,539, which iscontinuation of U.S. application Ser. No. 09/810,703, filed on Mar. 16,2001 and issued on Jun. 26, 2007 as U.S. Pat. No. 7,237,117. Each of theabove-identified applications is hereby incorporated herein by referencein its entirety.

BACKGROUND OF INVENTION

1. Field of Invention

This invention generally relates to a method and apparatus for securelystoring and disseminating information regarding individuals and, moreparticularly, to a computer system for authenticating identity orverifying the identity of individuals and other entities seeking accessto certain privileges and for selectively granting privileges andproviding other services in response to suchidentifications/verifications.

2. Discussion of Related Art

Dissemination of information regarding various entities, includingindividuals, in society is conventionally done in a non-centralizedfashion, often requiring specialized knowledge of a likely storagelocation to access the information. This specialized knowledge may notbe available when the information is needed, thus effectively preventingdistribution of the information when required. For example, a doctor inan emergency room may desire access to a patient's medical history indetermining a course of treatment. If the person is not carrying acomplete medical record, which is typically the situation, the medicalrecords may not be available to the doctor. Even if these medicalrecords are available electronically, for example via a computeraccessible in the person's regular doctor's office, the records mayeffectively be unavailable if the person is unconscious or otherwiseincapacitated or if restrictions on access to the doctor's recordscannot otherwise be overcome. The retrieval of required medical recordscan be further complicated by the fact that such records can be locatedat a number of different sites/systems which are not linked. Forexample, the patient's primary care physician may not have records froma specialist treating the patient, and none of these physicians may havedental records. Similar problems arise in other environments whererelevant data may be scattered and/or otherwise difficult to access.

Identification of a person from other persons within a society andverification of a person as being who he says he is are extremelyimportant for many reasons. For example, determination/verification of aperson's identity will typically dictate extension of credit, grantingaccess to information, allowing entry to a restricted area, or thegranting of numerous other privileges.

Most people carry multiple forms of identification. For example, atypical person may carry an identification card issued by a federal,state, or local governmental entity, an identification card issued by auniversity or place of employment, one or more credit cards that serveto identify the person as a holder of a credit card account, one or morebank cards that serve to identify the person as holder of a bankaccount, medical information cards identifying the person as a memberof, for example, a health maintenance organization or as a personholding an insurance policy from a specified insurance company, keysthat identify the person as owner of an automobile, house, etc., andnumerous other identification cards that may be used for specializedpurposes, such as identifying the person as a member of a health club, alibrary, or a professional organization.

To enable the person to function effectively in society, the person musttypically have one or more of these identification devices with them ifthey wish to undertake an associated activity. For example, a person isnot allowed to drive a car or purchase alcohol without a governmentallyissued driver's license. Likewise, although cash may be used to purchasegoods and/or services, the person will typically not be able to purchasegoods and/or services with a credit card if the person is not physicallycarrying the credit card. Similarly, most hospitals and other medicalfacilities will require proof of insurance before rendering medicalattention. Carrying these multifarious identification devices can becomeonerous. Additionally, if one or more of the identification devices islost, stolen or forgotten, it can be inconvenient, making it difficultto obtain goods or services requiring the missing identification.

There are also times when the individual may wish to be identified or atleast verified without providing personal information. For example, aperson may wish to purchase goods and/or services without publiclyproviding his/her credit card information for fear that the credit cardinformation be may be stolen and used fraudulently. Likewise, the personmay wish to purchase goods or order goods to be delivered to an addresswithout revealing the address to the vendor. Unfortunately, conventionalidentification devices require that at least some personal informationbe transmitted to complete a transaction.

There are other related problems. For example, when there is a need tolocate a person or other entity where only limited biographical data isknown, this can be difficult since relevant information is seldomavailable from a single database. Another potential problem is theforwarding of mail, packages, telephone calls/messages, e-mails andother items where a party is in a situation where they are changinglocation frequently and/or where the person does not want suchinformation to be generally available for security or other reasons. Asimple, yet secure, way of dealing with such issues does not currentlyexist.

Another potential problem is filling in forms, particularly for anindividual who frequently has to complete the same or similar form. Suchforms can for example be medical forms when visiting a doctor orentering a hospital, immigration forms on entering the country,employment forms, college entry forms, etc. It would be desirable ifsuch forms could be completed once and be available for future use, andit would be even better if the information for each such form could beautomatically drawn from an existing database to complete the form.There is also a frequent requirement to periodically update informationin a form, for example financial information for a line of credit. Itwould be desirable if such updates could be automatically performed fromdata in a general database.

Still another potential problem is that a person may be forced to makerequests on a database, for example financial requests, under duress. Itwould be desirable if the person could easily and undetectably signalsuch duress when making the request and the receiving system be able toact appropriately to assist and protect the individual.

Systems capable of effectively performing all of these functions do notcurrently exist.

SUMMARY OF INVENTION

There is thus a need for an identification system that will enable aperson to be identified or verified (“identification” sometimes beingused hereinafter to mean either identified or verified) and/orauthenticated without necessitating the provision of any personalinformation. Likewise, there is a need for an identification system thatwill enable a person to be identified universally without requiring theperson to carry multiple forms of identification.

Accordingly, this invention relates, in one embodiment, to aninformation system that may be used as a universal identification systemand/or used to selectively provide personal, financial or otherinformation about a person to authorized users. Transactions to and fromthe database may take place using a public key/private key securitysystem to enable users of the system and the system itself to encrypttransaction information during the transactions. Additionally, theprivate key/public key security system may be used to allow users tovalidate their identity and/or sign instructions being sent to auniversal secure registry (USR) system of the type to which thisinvention relates. For example, in one embodiment, a smart card such asthe SecurID™ card from RSI Security, Inc. may be provided with theuser's private key and the USR system's public key to enable the card toencrypt messages being sent to the USR system and to decrypt messagesfrom the USR system 10.

This USR system or database may be used to identify the person in manysituations, and thus may take the place of multiple conventional formsof identification. Additionally, the USR system may enable the user'sidentity to be confirmed or verified without providing any identifyinginformation about the person to the entity requiring identification.This can be advantageous where the person suspects that providingidentifying information may subject the identifying information tousurpation.

Enabling anonymous identification facilitates multiple new forms oftransactions. For example, enabling anonymous identification enables theidentified person to be telephoned by or receive e-mails from otherpersons without providing the other person with a telephone number ore-mail address, and will permit this to be accomplished even where thereare frequent changes in the person's location. Similarly, enablinganonymous identification will enable the person to receive mail, otherdelivered parcels and other items without providing the recipient'saddress information to the sender. By restricting access to particularclasses of persons/entities, the person can effectively prevent receiptof junk mail, other unsolicited mail, telemarketing calls and the like.

In a financial context, providing anonymous identification of a personenables the person to purchase goods and/or services from a merchantwithout ever transmitting to the merchant information, such as theperson's credit card number, or even the person's name, that could beintercepted and/or usurped and used in subsequent or additionalunauthorized transactions or for other undesired purposes. Enablinganonymous identification may be particularly advantageous in anunsecured environment, such as the Internet, where it has been found tobe relatively trivial to intercept such credit card information.

In a medical context, the USR system, in addition to enabling a personseeking medical treatment to identify themselves, may be configured toprovide insurance data, medical history data, and other appropriatemedical information to a medical provider, once that medical providerhas been established as an authorized recipient. The USR system may alsocontain links to other databases containing portions of the patient'smedical records, for example x-rays, MRI pictures, dental records,glasses, prescriptions, etc.

Access to the USR system may be by smart card, such as a SecurID™ card,or any other secure access device. The technology enabling the USRsystem may be physically embodied as a separate identification devicesuch as a smart ID card, or may be incorporated into another electronicdevice, such as a cell phone, pager, wrist watch, computer, personaldigital assistant such as a Palm Pilot™, key fob, or other commonlyavailable electronic device. The identity of the user possessing theidentifying device may be verified at the point of use via anycombination of a memorized PIN number or code, biometric identificationsuch as a fingerprint, voice print, signature, iris or facial scan, orDNA analysis, or any other method of identifying the person possessingthe device. If desired, the identifying device may also be provided witha picture of the person authorized to use the device to enhancesecurity.

The USR system may be useful for numerous other identification purposes.For example, the USR anonymous identification may serve as a librarycard, a phone card, a health club card, a professional associationmembership card, a parking access card, a key for access to one's home,office, car, etc. or any one of a host of similaridentification/verification and/or access functions. Additionally,equipment code information may be stored in the USR system anddistributed under the user's control and at the user's discretion, tomaintain personal property or public property in an operative state.

BRIEF DESCRIPTION OF DRAWINGS

This invention is pointed out with particularity in the appended claims.The above and further advantages of this invention may be betterunderstood by referring to the following description when taken inconjunction with the accompanying drawings. The accompanying drawingsare not intended to be drawn to scale. In the drawings, each identicalor nearly identical component that is illustrated in various figures isrepresented by a like numeral. For purposes of clarity, not everycomponent may be labeled in every thawing. In the drawings:

FIG. 1 is a functional block diagram of a computer system configured toimplement the universal secure registry (“USR”), including a USRdatabase, according to one embodiment of the invention;

FIG. 2 is a functional block diagram of a first embodiment of anetworked environment including the computer system of FIG. 1;

FIG. 3 is a functional block diagram of an entry of a database formingthe USR database of FIG. 1;

FIG. 4 is a functional block diagram of a second embodiment of anetworked environment including the computer system of FIG. 1;

FIG. 5 is a flow chart illustrating steps in a process of inputting datainto the USR database;

FIG. 6 is a flow chart illustrating steps in a process of retrievingdata from the USR database;

FIG. 7 is a flow chart illustrating a first protocol for purchasinggoods from a merchant via the USR database without transmitting creditcard information to the merchant;

FIG. 8 is a flow chart illustrating a second protocol for purchasinggoods from a merchant via the USR database without transmitting creditcard information to the merchant;

FIG. 9 is a flow chart illustrating a protocol for purchasing goods froma merchant via the USR database by validating the user's check;

FIG. 10 is a flow chart illustrating a protocol for purchasing goodsfrom an on-line merchant via the USR database without transmittingcredit card information to the on-line merchant, and enabling theon-line merchant to ship the goods to a virtual address;

FIG. 11 is a flow chart illustrating a protocol for shipping goods to avirtual address via the USR database;

FIG. 12 is a flow chart illustrating a protocol for telephoning avirtual phone number via the USR database;

FIG. 13 is a flow chart illustrating a protocol for identifying a personvia the USR database;

FIG. 14 is a flow chart illustrating a protocol for identifying a personto a policeman via the USR database;

FIG. 15 is a flow chart illustrating a protocol for providinginformation to an authorized recipient of the information via the USRdatabase;

FIG. 16 is a flow chart illustrating a protocol for providingapplication information to an authorized recipient of the informationvia the USR database; and

FIG. 17 is a functional block diagram of an embodiment configured to useinformation in the USR system to activate or keep active propertysecured through the USR system.

DETAILED DESCRIPTION

This invention is not limited in its application to the details ofconstruction and the arrangement of components set forth in thefollowing description or illustrated in the drawings. The invention iscapable of other embodiments and of being practiced or of being carriedout in various ways. Also, the phraseology and terminology used hereinis for the purpose of description and should not be regarded aslimiting. The use of “including,” “comprising,” or “having,”“containing”, “involving”, and variations thereof herein, is meant toencompass the items listed thereafter and equivalents thereof as well asadditional items.

In one embodiment, an information system is formed as a computer programrunning on a computer or group of computers configured to provide auniversal secure registry (USR) system. The computer, in this instance,may be configured to run autonomously (without the intervention of ahuman operator), or may require intervention or approval for all, aselected subset, or particular classes of transactions. The invention isnot limited to the disclosed embodiments, and may take on many differentforms depending on the particular requirements of the informationsystem, the type of information being exchanged, and the type ofcomputer equipment employed. An information system according to thisinvention, may optionally, but need not necessarily, perform functionsadditional to those described herein, and the invention is not limitedto a computer system performing solely the described functions.

In the embodiment shown in FIG. 1, a computer system 10 for implementinga USR system according to the invention includes at least one main unit12 connected to a wide area network, such as the Internet, via acommunications port 14. The main unit 12 may include one or moreprocessors (CPU 16) running USR software 18 configured to implement theUSR system functionality discussed in greater detail below. The CPU 16may be connected to a memory system including one or more memorydevices, such as a random access memory system RAM 20, a read onlymemory system ROM 22, and one or more databases 24. In the illustratedembodiment, the database 24 contains a universal secure registrydatabase. The invention is not limited to this particular manner ofstoring the USR database. Rather, the USR database may be included inany aspect of the memory system, such as in RAM 20, ROM 22 or disc andmay also be separately stored on one or more dedicated data servers.

The computer system may be a general purpose computer system which isprogrammable using a computer programming language, such as C, C++,Java, or other language, such as a scripting language or even assemblylanguage. The computer system may also be specially programmed, specialpurpose hardware, an application specific integrated circuit (ASIC) or ahybrid system including both special purpose components and programmedgeneral purpose components.

In a general purpose computer system, the processor is typically acommercially available microprocessor, such as Pentium series processoravailable from Intel, or other similar commercially available device.Such a microprocessor executes a program called an operating system,such as UNIX, Linux, Windows NT, Windows 95, 98, or 2000, or any othercommercially available operating system, which controls the execution ofother computer programs and provides scheduling, debugging, input/outputcontrol, accounting, compilation, storage assignment, data management,memory management, communication control and related services, and manyother functions. The processor and operating system defines a computerplatform for which application programs in high-level programminglanguages are written.

The database 24 may be any kind of database, including a relationaldatabase, object-oriented database, unstructured database, or otherdatabase. Example relational databases include Oracle 81 from OracleCorporation of Redwood City, Calif.; Informix Dynamic Server fromInformix Software, Inc. of Menlo Park, Calif.; DB2 from InternationalBusiness Machines of Armonk, N.Y.; and Access from Microsoft Corporationof Redmond, Wash. An example object-oriented database is ObjectStorefrom Object Design of Burlington, Mass. An example of an unstructureddatabase is Notes from the Lotus Corporation, of Cambridge, Mass. Adatabase also may be constructed using a flat file system, for exampleby using files with character-delimited fields, such as in earlyversions of dBASE, now known as Visual dBASE from Inprise Corp. ofScotts Valley, Calif., formerly Borland International Corp.

The main unit 12 may optionally include or be connected to an userinterface 26 containing, for example, one or more input and outputdevices to enable an operator to interface with the USR system 10.Illustrative input devices include a keyboard, keypad, track ball,mouse, pen and tablet, communication device, and data input devices suchas voice and other audio and video capture devices. Illustrative outputdevices include cathode ray tube (CRT) displays, liquid crystal displays(LCD) and other video output devices, printers, communication devicessuch as modems, storage devices such as a disk or tape, and audio orvideo output devices. Optionally, the user interface 26 may be omitted,in which case the operator may communicate with the USR system 10 in anetworked fashion via the communication port 14. It should be understoodthat the invention is not limited to any particular manner ofinterfacing an operator with the USR system.

It also should be understood that the invention is not limited to aparticular computer platform, particular processor, or particularhigh-level programming language. Additionally, the computer system maybe a multiprocessor computer system or may include multiple computersconnected over a computer network. It further should be understood thateach module or step shown in the accompanying figures and the substepsor subparts shown in the remaining figures may correspond to separatemodules of a computer program, or may be separate computer programs.Such modules may be operable on separate computers. The data produced bythese components may be stored in a memory system or transmitted betweencomputer systems.

Such a system may be implemented in software, hardware, or firmware, orany combination thereof. The various elements of the information systemdisclosed herein, either individually or in combination, may beimplemented as a computer program product, such as USR software 18,tangibly embodied in a machine-readable storage device for execution bythe computer processor 16. Various steps of the process may be performedby the computer processor 16 executing the program 18 tangibly embodiedon a computer-readable medium to perform functions by operating on inputand generating output. Computer programming languages suitable forimplementing such a system include procedural programming languages,object-oriented programming languages, and combinations of the two.

As shown in FIG. 2, the computer system 10 may be connected to aplurality of interface centers 27 over a wide area network 28. The widearea network 28 may be formed from a plurality of dedicated connectionsbetween the interface centers 27 and the computer system 10, or may takeplace, in whole or in part, over a public network such as the Internet.Communication between the interface centers 27 and the computer system10 may take place according to any protocol, such as TCP/IP, ftp, OFX,or XML, and may include any desired level of interaction between theinterface centers 27 and the computer system 10. To enhance security,especially where communication takes place over a publicly accessiblenetwork such as the Internet, communications facilitating or relating totransmission of data from/to the USR database 24 or the computer system10 may be encrypted using an encryption algorithm, such as PGP, DES, orother conventional symmetric or asymmetric encryption algorithm.

In one embodiment, the USR system 10 or USR database 24 may be able toauthenticate its identity to a user or other entity accessing the systemby providing an appropriate code which may be displayed on the user'ssmart card, for example a SecurID™ card or its equivalent, or other codegenerator, for example a single use code generator, being employed bythe user. A comparison by the user or the code generator between theprovided number and an expected number can validate, to the user (orother entity) or the code generator, that communication is with thedatabase and not an imposter.

The database 24 shown in FIG. 1 has a USR database containing entriesrelated to persons 1-n. The data in the USR database may also besegregated, as shown in FIG. 4, according to data type to enableindividual computer modules to handle discrete applications on discretedata types. Segregating the data, as illustrated in FIG. 4, may makeaccess to the database more robust by enabling portions of the data inthe USR database 24 to be accessible even when it is necessary toperform maintenance on a portion of the database. However, storing thedata in the USR database 24 according to the scheme illustrated in FIG.1 may make it easier for a user of the database to make changes tomultiple types of data simultaneously or in a single session. There areadvantages and disadvantages to each data structure, and the inventionis not limited to a particular manner of organizing the data within thedatabase 24, data structures other than the two shown also beingpossible.

As shown in FIG. 3, each entry 30 in the database 24 may containmultiple types of information. For example, in the embodiment shown inFIG. 3, the entry contains validation information 32, access information34, publicly available information 36, address information 38, creditcard and other financial information. 40, medical information 42, jobapplication information 44, and tax information 46. The invention is notlimited to a USR containing entries with all of this information or onlythis particular information, as any information on a person or otherentity such as a company, institution, etc. may be stored in USRdatabase 24.

If the database information is split between multiple databases, eachdatabase will typically include at least the validation and accessinformation to enable the USR software to correlate a validation attemptwith a verified validation, and to enable the USR software to determineaccess privileges to the requested data. Alternatively, databases may belinked to permit information not in a main USR database to be retrieved,with validation/identification for all databases accessed being done atthe USR system.

In FIG. 3, the validation information is information about the user ofthe database to whom the data pertains and is to be used by the USRsoftware 18 to validate that the person attempting to access theinformation is the person to whom the data pertains or is otherwiseauthorized to receive it. The validation information may be any type ofinformation that will reliably authenticate the identity of theindividual.

In one embodiment, the user of the database will carry a SecurID™ cardavailable from RSA Security, formerly Security Dynamics Technologies,Inc., of Cambridge, Mass. Use of this card enables secure access to theUSR database without requiring the user to transmit any personalinformation. Specifically, to access the USR database, the cardretrieves a secret user code and/or time varying value from memory andobtains from the user a secret personal identification code. The cardmathematically combines these three numbers using a predeterminedalgorithm to generate a one-time nonpredictable code which istransmitted to the computer system 10. The computer system, specificallyUSR software 18, utilizes the received one-time nonpredictable code todetermine if the user is authorized access to the USR database andgrants access to the USR database if the user is determined to beauthorized. The verification information 32 in the database entry in theembodiment of the invention illustrated in FIG. 3 contains informationto enable the USR software 18 to validate the user using such a card inthis manner.

Alternative types of identification cards or tokens may likewise beused. For example, other smart cards may be used which generatenon-predictable single use codes, which may or may not be time varying,or other access code generators may be used. An algorithm generatingsuch non-predictable codes may also be programmed onto a processor on asmart card or other computing device, such as a cell phone, pager, IDbadge, wrist watch, computer, personal digital assistant, key fob, orother commonly available electronic device. For convenience, the term“electronic ID device” will be used generically to refer to any type ofelectronic device that may be used to obtain access to the USR database.

Likewise, various types of biometric information may be stored in theverification area of the database entry to enable the identity of theuser possessing the identifying device to be verified at the point ofuse. Examples of the type of biometric information that may be used inthis situation includes a personal identification number (PIN),fingerprint, voice print, signature, iris or facial scan, or DNAanalysis. If desired, the verifying section of the database may containa picture to be transmitted back to the person seeking to validate thedevice to ensure the person using the device is the correct person.Optionally, the identifying device itself may also be provided with apicture of the person authorized to use the card to provide a facialconfirmation of the person's right to use the card.

In FIG. 3, the Access information 34 is provided to enable differentlevels of security to attach to different types of information stored inthe entry 30 in the USR database 14. For example, the person may desirethat their address information be made available only to certain classesof people, for example colleagues, friends, family, Federal Express,U.P.S., and the U.S. mail service. The names or universal identifiersfor those selected individuals, companies, organizations and/or agenciesmay be entered into appropriate fields in the Access information tospecify to the USR software 18 those individuals to whom the addressinformation may be released. Likewise, access fields may be specifiedfor the other types of information. For example, the individual mayspecify that only particular individuals and/or companies have access tothe credit card and other financial information 40, medical information42, job application information 44 and tax information 46. Additionally,the individual may specify that no one have access to that informationunless the individual participates in the transaction (see FIG. 6).

As shown in FIG. 1, the USR software 18 contains algorithms forexecution by the CPU 16 that enables the CPU 16 to perform the methodsand functions of the USR software described below in connection withFIGS. 5-16. The USR software 18, in this embodiment, performs allfunctions associated with validating an electronic ID card. If desired,a separate validation software module may be provided to validateelectronic ID devices outside of a firewall segregating the validationinformation from other user information.

The algorithms comprising the USR software 18 may be used to implement,in one exemplary embodiment, a USR system configured to enable selectedinformation to be disseminated to selected individuals in a secure anddynamic fashion. This information may be used for numerous purposes,several of which are set forth below and discussed in greater detail inconnection with FIGS. 5-16.

For example, the USR system may be used to identify the person, enablethe person to be contacted by telephone or mail anonymously, enable theperson to be contacted by telephone or by mail without revealing theperson's telephone number or present location, enable the person topurchase items over the Internet or in a store without revealing to themerchant any personal identification information or credit cardinformation, enable the person to complete a job application withoutcompleting a job application form, enable the police to discern theperson's identity and any outstanding warrants on the individual, andnumerous other uses. The invention is not limited to these severalenumerated uses, but rather extends to any use of the USR database. Themethods of using the USR database 24 will now be discussed in connectionwith FIGS. 5-16.

FIG. 5 illustrates a method of training the USR database 24. As shown inFIG. 5, the USR software 18 first validates the person's identification(500). The initial validation of the person's identification (500) maytake place at the point of sale of an electronic ID device (for example,a smart card). This may be done in any conventional manner, such as byrequiring the person to show a government issued identification card,passport, birth certificate, etc. Once the person's electronic ID devicehas been issued and initially validated, the validation process proceedsas discussed above.

After the validation process (500), the USR software 18 determines ifthe person has rights to enter data into the system (502). This stepenables the system to charge persons for maintaining information in theUSR database 24. For example, the USR software 18 may poll a database ofcurrent accounts or a database of accounts that are currently in defaultto determine if the person has paid the access fee to enter data intothe database. A similar account status inquiry process may be performedby the USR software 18 in connection with each of the other methods setforth in FIGS. 6-16. If the person is not authorized to enter data intothe USR database 24, the person is notified of the status of theiraccount and the process returns (512) to wait for further input fromanother person. Alternatively, a person may be permitted to enter someclasses of data into the system and update such classes of data at nocharge, with a fee possibly being required for other classes of data,for example medical records. This would facilitate a more robustdatabase.

If the person is authorized, the USR software 18 then enables the personto enter basic personal data into the USR database 24 (504). Optionally,personal data may be one class of data the USR software 18 allows theperson to enter into the USR database 18 regardless of account status,i.e., for free.

The USR software 18 will then check to see if the person has additionalrights to enter additional data (506), such as data to be entered intoone of the other categories of data in FIG. 3. Optionally, this step ofchecking the person's rights to enter data (506) may be combined withthe initial check (502). If the person does not have rights to enter anyfurther data, the USR software 18 notifies the user and returns (512).

If the USR software 18 determines that the person has the right to enteradditional data into the USR database 24, the person is prompted throughthe use of appropriate prompts, provided with forms, and otherwiseenabled to enter advanced personal data into the USR database 24 (508).For each type of data entered, the person is asked to specify the typeof access restrictions and/or whom should be allowed to access theadvanced personal data (510). When the person has completed enteringdata into the database, the process returns (512) and commits the datato the database.

In the situation where only one person has access to enter and/or modifydata for a given person in the database, there should be no conflictwith committing data to the database. If, however, multiple people haveaccess to a given account to modify data, the database may perform anintegrity check to ensure the absence of conflict in the data beforecommitting the new data to the database.

Enabling access to the information in the database will be explained ingreater detail in connection with FIG. 6. As shown in FIG. 6, thedatabase will generally allow anyone to access basic personal data onanyone without performing any authorization check (600).

If information beyond that specified in the basic personal informationarea is requested, the USR software 18 queries whether the requestor hasthe right to access the type of requested data (602). The process ofdetermining the requestor's rights (602) typically involves validatingthe requestor's identity and correlating the identity, the requestedinformation and the access information 34 provided by the person to theUSR database during the training process described above with respect toFIG. 5.

If the USR software 18 determines that the requestor has rights toaccess the type of requested data (604), the USR software 18 instructsthe USR database 24 to enable access to the type of requested data(606). The actual step of enabling access to the type of requested datamay involve multiple steps of formulating a database query, querying theUSR database 24, retrieving the results, assembling the results into auser friendly or user readable format, and transmitting the informationto the user.

If the USR software 18 determines that the requestor does not have theappropriate rights to access the type of requested data (604), the USRsoftware 18 checks to see if the person is participating in thetransaction (608). Checking to see if the person is participating in thetransaction enables the user to authorize access to the requested datain real time. For example, a person may wish to participate in atransaction to give a potential employer one-time access to jobapplication information 44 (see FIG. 3). If the person is notparticipating in the transaction, the USR software 18 determines thatthe requestor is not authorized to have access to the requested data,notifies the requestor of this determination, and ends (610).

If the person is participating in the transaction (608), however, theUSR software 18 validates the person's identity (612) and enables theperson to change access rights to the data (614). If the USR software 18is not able to validate the person's identity, the USR software 18refuses to allow the person to update the database, notifies the personand/or requestor of this determination, and returns (610).

It is also possible that a person may be required to grant access tocertain data, for example financial data such as account numbers, underduress. The system may provide the person with the ability to safelysignal this when accessing the system by using a selected access code orby making a known modification to the access code provided by theelectronic ID device. On receiving such code, the system would takeappropriate steps to protect the person, including for example alertingthe police, tracking the person's location to the extent possible,providing traceable data, and the like.

Once the person has had the opportunity to change access rights to thedata (614), the USR software 18 again checks to see if the requestor hasrights to access the type of requested data (616). Although step 616 mayseem redundant, given the fact that the person is participating in thetransaction and has just previously changed access rights to thedatabase to enable the requestor to have access to the data, step 616 isactually useful at preventing a different type of fraud. Specifically,the requestor may not be forthright with the person regarding the typeof information they are requesting. If step 616 were omitted, the USRsoftware 18 may inadvertently allow access to an unauthorized type ofinformation in the situation where the requestor has surreptitiouslyrequested multiple types of data.

If the USR software 18 determines that the requestor has rights to thetype of data requested (616), it causes the USR database to enableaccess to the type of requested data (606). Otherwise, it notifies therequestor of the decision to deny access to the requested data andreturns (610).

Various applications of the USR database 24 and USR software 18 will nowbe discussed in connection with FIGS. 7-16. These applications aremerely exemplary of the types of applications enabled by the USRsoftware 18 and USR database 24, and the invention is not limited tothese particular applications.

FIG. 7 illustrates one embodiment of a method of using the USR software18 and USR database 24 to purchase goods or services from a merchantwithout revealing to the merchant account information relating to theperson's bank or credit card.

As shown in FIG. 7, when a user initiates a purchase (700), the userenters a secret code in the user's electronic ID device (702) to causethe ID device to generate a onetime code or other appropriate code, andpresents the electronic ID device with the code to the merchant orotherwise presents the code to the merchant. The merchant transmits tothe credit card company (1) the code from the electronic ID device, (2)the store number, (3) the amount of the purchase (704), and the time ofreceipt of the code. The credit card company takes this information andpasses the code from the electronic ID device to the USR software 18(706). The USR software 18 determines if the code is valid, or was validat the time offered, and if valid accesses the user's credit cardinformation and transmits the appropriate credit card number to thecredit card company (708). While the link between the USR system and thecredit card system is a secure link, there is always a danger that thelink may be penetrated and credit card numbers obtained. This may beavoided by instead transmitting, on approval, a multidigit public IDcode for the credit card holder which the credit card company can map tothe correct credit card number. Even if the link is violated, the publicID code is of no value and the secure link prevents this code from beingimproperly sent to the credit card company. The credit card companychecks the credit worthiness of the user and declines the card or debitsthe user's account in accordance with its standard transactionprocessing system (710). The credit card company then notifies themerchant of the result of the transaction (712). In this embodiment, theuser has been able to purchase goods or services from a merchant withoutever providing to the merchant the credit card number. Since theelectronic ID device generates a time variant code or otherwisegenerates a code that can for example only be used for a singletransaction, the merchant retains no information from the transactionthat may be fraudulently used in subsequent transactions.

Another embodiment of a system for facilitating purchase of goods orservices without providing financial information to the merchant is setforth in FIG. 8. In FIG. 8, like FIG. 7, the user initiates a purchase(800), enters a secret code in the electronic ID device (802) andpresents the resultant code to the merchant. The merchant, in thisembodiment, transmits to the USR software 18, (1) the code from theelectronic ID, (2) the store number, and (3) the amount of the purchase(804). The USR software 18 determines if the code is valid (806) and, ifvalid, accesses from the USR database 24 the user's credit cardinformation (808). The USR software then transmits to the credit cardcompany (1) the credit card number, (2) the store number, and (3) theamount of purchase (808). The information in this embodiment transmittedto the credit card company is intended to be in a format recognizable tothe credit card company. Accordingly, the invention is not limited totransferring from the USR system 10 to the credit card company theenumerated information, but rather encompasses any transfer ofinformation that will enable the use of the USR system 10 to appeartransparent to the credit card company.

The credit card company then processes the transaction in a standardfashion, such as by checking the credit worthiness of the person,declining the card or debiting the user's account and transferring moneyto the merchant's account (810). The credit card company then notifiesthe USR system 10 the result of the transaction (812) and the USRsoftware 18 in turn notifies the merchant of the result of thetransaction (814).

In this embodiment, like the embodiment of FIG. 7, the user can use theUSR system 10 to purchase goods or services from a merchant withoutproviding the merchant with the user's credit card number. In theembodiment of FIG. 8, the interposition of the USR system 10 between themerchant and the credit card company is transparent to the credit cardcompany and thus requires no or minimal cooperation from the credit cardcompany to implement.

FIG. 9 illustrates one embodiment of a method of using the USR system 10to verify funds when using a check to purchase goods or services from amerchant. In the embodiment of FIG. 9, the user initiates a purchase andwrites a check to the merchant (900). The check may be a conventionalcheck containing identifying information, or may be a check bearing aunique serial number and no identifying information to enable the checkto be used anonymously.

In either situation, the user enters a secret code into the electronicID card and presents the resulting code to the merchant along with thecheck (902). The merchant transmits to the USR software 18 (1) the codefrom the electronic ID card, (2) the store number, and (3) the amount ofthe purchase (904). Where the check is an anonymous check, the merchantalso transmits to the USR software 18 the check number.

The USR software 18 then determines if the code from the electronic IDis valid (906), and if valid accesses the user's bank information andtransmits to the bank: (1) the user's bank account number, (2) the storenumber, and (3) the amount of the purchase (908). Optionally, the USRsoftware 18 may additionally inform the bank of the check number.

The bank polls its own database to determine if there are sufficientfunds in the user's account (910) and notifies the USR software 18 ofthe result (912). The USR software 18 then, in turn, notifies themerchant of the result of the verification (914).

This check verification system may take place over an unsecuredconnection between the merchant and the USR system 10 since the user'sbank account information is not sent over the connection between themerchant and the USR system 10. Moreover, where an anonymous check isused, the merchant is not even provided with the person's name oraccount information in written form. This provides additional securityagainst unauthorized persons writing subsequent checks.

The check verification system may be conducted over a telephone network,such as by having the merchant call a toll free number, or over anetwork connection such as over the Internet.

FIG. 10 illustrates a method of conducting a transaction with a merchantwithout requiring the user to provide to the merchant the user's name,address, or other identifying information, while enabling the merchantto ship the goods to the user. This may be beneficially employed, forexample, in connection with transactions that take place between remoteparties in a networked environment, such as the Internet.

As shown in FIG. 10, the user initiates an anonymous purchase byentering a secret code into the electronic ID device and transmittingthe result to the on-line merchant (1000). The merchant transmits thisinformation to the USR software 18, along with the store number and theamount of the purchase (1002). Optionally, the merchant may provide thestore number and purchase price to the user and the user may send thisinformation directly to the USR software 18 along with the code from theelectronic ID. Where the number from the electronic ID device is a timevarying number, the merchant may also need to input the time the numberwas received. Alternatively, the electronic ID device may encode orencrypt the time with the number, the USR software being able to extracttime when receiving the number from the merchant. This may not berequired where the time varying number varies slowly, for examplechanging every hour rather then every minute as for some existing suchdevices.

In either event, the USR software 18 determines if the code is valid(1004) and, if valid, accesses the user's credit card information fromthe USR database 24 (1006). The USR software 18 then contacts the user'scredit card company, as described above in connection with FIG. 8 (1008)and notifies the USR software 18 of the result (1000).

If the user's credit is declined, the USR software 18 notifies theon-line merchant and the transaction is terminated (1012). If the user'scredit is honored, the USR software 18 polls the USR database 24 for theuser's address and/or address code (1014). Address codes are discussedbelow in greater detail with reference to FIG. 11. The merchant thenpackages the goods into a parcel, labels the parcel with the appropriateaddress and/or address code and ships the parcel to the user (1016).Having the USR system 10 provide the address and/or address code to theon-line merchant enables the user to purchase items in a networkedenvironment without requiring the user to input address information inconnection with every sale.

FIG. 11 illustrates a use of the USR database 24 to deliver mail to auser without requiring the user to provide address information to thesender. This may be useful in many contexts. For example, the user maywish that the address information be known only by the post office. Inthis instance, using the USR database 24 according to the method of theinvention described below, will enable the user to receive parcelswithout requiring the user to provide the merchant with the addressinformation. Additionally, the user's address may change, temporarily,permanently, or frequently. Enabling the sender to send mail by enteringa code instead of an address enables the post office to effectivelydeliver the coded mail to the corresponding address regardless of thefrequency with which the address changes or the duration in which theaddress will remain valid.

In FIG. 11, the user provides an address code on a public area of theUSR database 24 that is available to all persons to see (1100). Thiscode may for example be six alpha characters, which should be adequatefor currently anticipated system populations. Optionally, the user mayprovide this code directly to a merchant or other person desirous ofsending the person one or more parcels.

The user also provides address information to the address informationarea 38 of the user's entry in the USR database 24 (1102). Access to theaddress information 38 is restricted by a rule or other appropriateentry in the access information 34 of the user's entry to only permitmail, parcel or other material delivery services, such as the US mail,UPS and Fed Ex to access the address information.

When someone wishes to have a parcel or other items delivered to theuser, the sender retrieves the user's address code from the USR database24 or otherwise receives the address code from the user, and prints theaddress code on the parcel (1104).

The delivery service accesses the USR software 18, validates itsidentity, and queries the USR database 24 for address informationcorresponding to the address code (1106). The USR database 24 retrievesthe appropriate address data and provides the address information to thedelivery service. The delivery service then either prints out an addresslabel, prints a machine readable bar code to be attached to the package,or correlates an entry in a delivery database between the address codeand the user address (1110). The delivery service then uses thisretrieved information to deliver the package to the user while neversupplying the merchant with the user's permanent or temporary address. Auser may also assure that mail, parcels, etc. are delivered to a currentlocation by providing only a single notice to the USR system, regardlessof how frequently the person moves. The person can also automaticallyprovide for address changes where the person moves according to a knownschedule. Thus, deliveries to be made on a weekday could be directed toone address and deliveries on a weekend to another address; ordeliveries during winter months to one address and during summer monthsto a different address.

FIG. 12 illustrates a method of enabling a person to telephone a user ofthe USR system 10 without providing the user's telephone number to theperson. In the embodiment illustrated in FIG. 12, the user provides atelephone code on the publicly available area of his entry on the USRdatabase 24 (1200). This code may be assigned by the USR software 18 ormade up by the user. The user also provides the USR database 24 withactual telephone information to enable the USR system 10 to connectcallers with the user (1202).

The person wishing to telephone the user of the USR system 10 calls atelephone number and enters the telephone code of the user (1204). TheUSR software 18, optionally, may require the person to identifythemselves to see if they are authorized to call the user. Assuming thatthe person is authorized to call the person, or if no authorizationcheck is performed, the USR connects the person to the telephone numberin the USR database 24 without providing the person with the telephonenumber.

Enabling the user to specify the telephone number may be advantageousfor many reasons. First, the user may frequently be switching betweentelephone coverage areas and may wish to be reachable at all times.Simply by instructing the USR database 24 to connect incoming telephonecalls to one of a myriad of numbers will facilitate connecting theincoming calls to, for example, the user's cell phone, work phone,pager, car phone or home phone, without necessitating the user toprovide all these numbers to the caller. A similar system may beimplemented for facsimile transmissions, e-mails or othercommunications.

The user also may have predefined rules to enable telephone calls tofollow a set pattern. For example, the user may desire to receivetelephone calls only from family members during the night time at home,may wish to have all incoming calls routed to a car phone duringcommuting hours, and may wish to have all incoming calls routed to acell phone during lunch. These time dependent rules may and/or callerspecific rules may be entered into the USR database to specifyaccessibility and connectivity of incoming telephone calls.

The publicly available address code and telephone code and any othercodes may be the same, or may be different, there being some advantagesto having a single code usable for all such applications for each personon the system. The codes could be accessible through a variety of mediaincluding telephone and the internet. Where two or more people on thesystem have the same name, which will frequently be the case, additionalpublicly available biographical data may be provided with the name toassure that the right code is selected. The system may similarly be usedto provide public keys for use in a public key/private key encryptionsystem, to provide other public codes for an individual or to provideother public information. Access to such information would typically beunrestricted.

Where the system is used to provide public keys, the public code used toobtain the key, or possibly the public key itself, may be used as aboveto obtain the e-mail address, telephone number or the like for theperson to whom the message is being sent, and the USR system may also beused to perform the encryption. When the recipient receives the message,he deencrypts it using the recipient's private key in standard fashion,including deencrypting the name of the sender. However, this does notnecessarily verify the sender and such verification may be desirable forimportant messages, particularly ones involving large financialtransactions. The USR system may accomplish such verification by alsostoring private keys for people in the system. The sender firstauthenticates himself to the system, and the system then adds a secondsignature to the message which is encrypted with the sender's privatekey. The receiving party deencrypts this signature with the sender'spublic key. Since the system only sends such signatures forauthenticated users, the message is thus verified.

FIG. 13 illustrates a general method of using the USR database 24 toauthenticate a user's identification. This may be used in connectionwith any of the other methods disclosed herein to ensure that theelectronic ID device has not been stolen and/or hacked by anunauthorized holder.

Specifically, in the embodiment illustrated in FIG. 13, the userattempts to prove identification to a validator, such as to prove thatthe possessor of the electronic ID device is of sufficient age topurchase alcohol (1300). In connection with this attempt, the userenters a secret code into the electronic ID (1302). The validatortransmits to the USR software 18 the code from the electronic ID (1304).If the USR software 18 determines that the code is valid (1306), itaccesses the user's photograph, age information, or any other desiredinformation, and transmits that information to the validator (1308). Bytransmitting back to the validator a picture of the person to whom theelectronic ID card was issued, the validator can ensure that the personusing the electronic ID card is the proper person. Likewise, thevalidator can ensure, based on the information provided by the USRsystem 10, that the person is as old as the person claims to be.

A specific embodiment of this identification validation procedure isillustrated in FIG. 14. In FIG. 14, a policeman takes the place of thevalidator. In this scenario, however, instead of simply transmitting tothe policeman a validation of the user's identity, such as theirpicture, the policeman may also receive additional information, such asthe user's police records, records of any arrests, outstanding warrants,and other similar information that may be of use to the policeman whendetermining how to handle a particular individual.

FIG. 15 illustrates a process for enabling the user to provide specificinformation to a party, such as medical staff in an emergency room. Asshown in FIG. 15, if the user desires to provide information to a party(1500), the user enters a secret code in the electronic ID device andprovides the electronic ID code to the party (1502). The party transmitsto the USR software 18 the ID code and the party code (1504). The partycode may be a code from for example an electronic device whichidentifies the party, may be a status code which identifies the class ofusers to which the party belongs, for example policeman, emergency roompersonnel, doctor, etc. or may be a combination of both, the status codefor example being encrypted into the ID code. The USR software 18determines if the code is valid (1506), accesses the user's informationin the USR database 24 and transmits available information to the party(1508). In this scenario, the user may be provided with a plurality ofdifferent codes to enter into the electronic ID device depending on thetype of information to be released to the party. For example, the user'sbasic code may be 1234. The fifth digit of the electronic code mayspecify the type of information to be provided, i.e., 1=addressinformation, 2=medical information; 3=telephone information, 4=jobapplication information, etc. Using multiple codes eliminates anyambiguity about the authority provided by the user to the party, butrequires the user to remember additional information.

The above assumes the user is able to provide an ID code when theinformation is required. However, in for example an emergency roomsituation, the user may not be in a position to provide the ID code, butwould still want medical records provided. The release authorization forcertain portions of the user's database could therefore specify that theinformation be released to certain class or classes of individuals andthe USR system would release such information to individuals ororganizations based only on status code. Thus, the status code of anemergency room could alone trigger release of medical data.

FIG. 16 illustrates one embodiment of a method of using the USR database24 to complete a standard application, such as a job application or anapplication to rent an apartment. This embodiment is a specific exampleof the more generic method of enabling a party to retrieve informationdiscussed above with respect to FIG. 15. In FIG. 16, however, the partymay be provided with the opportunity to provide a form to the USRsoftware 18, the fields of which may be automatically completed withinformation from the job application information section of the USRdatabase 24.

As can be seen from the above, many of the users of the USR system areorganizations or agencies such as carriers (post office, UPS, FedEX),communication companies, law enforcement organizations, hospitals andother medical facilities and the like. Each of these organizations canbe provided with specialized software either on a disc or other suitablemedia or electronically, for example over the internet, which performs anumber of functions, for example automatically generating status codesfor data access requests, controlling information received, andformatting data received in response to a request in a desired way. Thiscan result in an access request from such organization for a given usercausing all data on the user required to complete the form beingretrieved and presented to the organization in the format of their form.A user may also authorize an organization for which a form has beencompleted using the USR system to receive updates, either in response toa request from the organization or at selected intervals, for exampleonce a year, so as to maintain information in the forms current. Sincethe user will be providing information to the system on a regular basis,this is a relatively easy and painless way for the user to maintaincurrent information with many organizations the user deals with.

Another potential use of the system is to permit a person to be locatedwhere only limited biographical information on the person is known.Users of the USR system wishing to participate in this feature could becued to provide non-confidential biographical data when they come on thesystem or at any time thereafter when they decide to participate. Theycan also indicate whether they wish their name given out in response tosuch an inquiry or to merely be alerted to an inquiry which mightinvolve them and information on the requester. A person seeking to findanother person or group of people can input appropriate biographicaldata, for example members of 1975 Harvard University hockey team, orinformation of a person's last known address plus school information,etc. The system will then provide a list of persons who meet the listedcriteria from which the person making the inquiry can hopefully find theperson they are looking for.

In the above application and others, when a person is located, theperson may request that only the person's address code or general accesscode (i.e. a single code which is used to get current address,telephone, e-mail, etc. information) be provided when the person islocated. This can further protect the individual from undesiredcontacts.

FIG. 17 illustrates another embodiment of the invention. As shown inFIG. 17, the USR system 10 may be used to secure expensive personalequipment, such as stereos, televisions, laptop computers, cellulartelephones, cars, boats, and other items of value to a person. In thisembodiment, each item to be secured using the USR system is providedwith a USR timer chip imbedded in the electronics. If the USR timer chipis not provided with a code within a predefined period of time, forexample every 30 days, the equipment is deactivated. Thus, for example,a television, mobile phone, laptop computer, automobile, heavyequipment, weapon or facility may be provided with a security chiphaving an internal timer that must be reset before expiration byprovision of a particular code. When reset does not occur, the timerwill disable the electronic device or other device using any one of anumber of known disablement methods. Exemplary codes may be transmittedin the same manner as beeper signals are conventionally transmitted ormay be transmitted to wired devices over the Internet or other publicnetwork.

The USR system 10 may be advantageously employed to automaticallyprovide the secured property with the necessary codes at appropriateintervals, unless instructed by the user of the USR system 10 to ceasedoing so. Alternatively, the USR system 10 may require participation bythe user prior to sending out the activation codes.

In this embodiment, the user may provide to the USR system 10,information indicative of the codes to be transmitted, timinginformation, and automation information—i.e., whether the codes shouldbe sent automatically or should require user intervention. Optionally,where the user opts to require user intervention, the USR system 10 maynotify the user of the upcoming deadline via e-mail or another method.

This system may be useful to secure sensitive equipment other thanpersonal equipment as well, such as military equipment, publicequipment, school equipment and any other equipment that is subject totheft.

It should be understood that various changes and modifications of theembodiments shown in the drawings and described in the specification maybe made within the spirit and scope of the present invention.Accordingly, it is intended that all matter contained in the abovedescription and shown in the accompanying drawings be interpreted in anillustrative and not in a limiting sense. The invention is limited onlyas defined in the following claims and the equivalents thereto.

What is claimed is:
 1. An anonymous transaction authentication systemfor providing anonymous information to a first party to enabletransactions between the first party and entities with secure datastored in the system, comprising: a receiver for receiving a timevariant code wirelessly communicated from a device to the first partyresponsive to an authentication input provided to the device by a userto trigger payment for services, wherein the device authenticates theuser based on the authentication input; a database including secure datafor each entity and information for mapping the time variant code toeach respective entity having secure data in the secure registry system;and a processor configured to receive from the first party the timevariant code for the entity and match the time variant code to theentity on whose behalf a transaction is to be performed, configured tomap the time variant code to the identity of the entity and secure dataassociated with the entity including information required to enable thetransaction to proceed anonymously, the information including accountidentifying information where the account identifying information isunknown to the first party, to provide the account identifyinginformation to a third party to enable the transaction without providingthe account identifying information to the first party.
 2. The system ofclaim 1, wherein the time variant code includes a secret code of theentity.
 3. The system of claim 1, wherein the time variant code isprovided from the entity via a secure electronic transmission device. 4.The system of claim 1, wherein the time variant code is encrypted andtransmitted by the entity, and the system is configured to decrypt thetime variant code with a public key associated with the entity.
 5. Thesystem of claim 1, wherein said first party provides delivery services,wherein the information is an address to which an item is to bedelivered for the entity, wherein the system receives the time variantcode and the system uses the time variant code to obtain the appropriateaddress for delivery of the item.
 6. The system of claim 1, wherein thesystem is configured to enable the first party to perform the serviceswithout disclosing the secure data to the first party.
 7. The system ofclaim 1, wherein the information is credit card information regardingthe entity, and wherein the processor is configured to provide thecredit card information based upon the time variant code of the entityto enable a transaction.
 8. The system of claim 7, wherein the system isconfigured to receive an approval of the credit card transaction withoutproviding a credit card number of the entity to the first party.
 9. Thesystem of claim 1, wherein the information is bank card informationregarding the entity, and wherein the processor is configured to providethe bank card information to enable a transaction based upon the timevariant code of the entity.
 10. The system of claim 9, wherein thesystem is configured to provide an approval of the bank card transactionwithout providing a bank card number of the entity to the first party.11. The system of claim 1, wherein the time variant code is generated tobe a one-time non-predictable code.
 12. A computer implemented methodfor providing anonymous information to a first party to enabletransactions between the first party and entities with secure data, themethod comprising: receiving, by a receiver, a time variant codewirelessly from a device for an entity on whose behalf services are tobe provided responsive to an authentication input provided to the deviceby the entity to trigger payment for the services, wherein the deviceauthenticates the entity based on the authentication input; connectingto a database including secure data for each entity and information formapping the time variant code to each respective entity having securedata in a secure registry system; and matching, by a processor, the timevariant code to the entity on whose behalf a transaction is to beperformed; mapping, by the processor, the time variant code to theidentity of the entity and secure data associated with the entityincluding information required to enable the transaction to proceedanonymously, the information including account identifying informationwherein the account identifying information is unknown to the firstparty; and providing, by the processor, the account identifyinginformation to a third party to enable the transaction without providingthe account identifying information to the first party.
 13. The methodof claim 12, further comprising an act of using correspondinginformation to enable the first party to perform the services, whereinusing the corresponding information comprises providing anonymousvalidation information to the first party to perform the services. 14.The method of claim 12, wherein the act of receiving the time variantcode comprises receiving a secret time variant code which is secret tothe entity.
 15. The method of claim 12, wherein the act of receiving thetime variant code comprises receiving the secret code which has beentransmitted by a secure electronic transmission device.
 16. The methodof claim 12, wherein the act of receiving the time variant codecomprises receiving an encrypted time variant code and the methodfurther comprises decrypting the encrypted time variant code.
 17. Themethod of claim 13, wherein the acts of mapping the time variant codeand using the information to perform the services comprises notproviding the information to a provider of services.
 18. The method ofclaim 13, wherein the act of using the corresponding information toperform the services comprises using credit card information about theentity to enable a credit card transaction.
 19. The method of claim 18,wherein the act of using the corresponding information comprisesreceiving a validation or denial of the credit card transaction withoutproviding a credit card number of the entity to the first party.
 20. Themethod of claim 12, wherein the act of using the correspondinginformation to perform the services comprises: using bank cardinformation about the entity to enable a transaction through a thirdparty; and receiving validation information from the third party. 21.The method of claim 20, wherein the act of using the correspondinginformation comprises receiving a validation or denial of the bank cardtransaction without providing a bank card number of the entity to thefirst party.
 22. The method of claim 12, wherein the time variant codeis generated to be a one-time non-predictable code.
 23. The system ofclaim 1, wherein the processor is further configured to execute arestriction mechanism to determine compliance with any accessrestrictions for the first party to secure data of the entity forcompleting the transaction based at least in part on an indication ofthe entity communicated with a transaction request, and to allow or notallow access to the secure data associated with the entity including theaccount identifying information required to enable the transaction basedon the determined compliance with any access restrictions for the firstparty.